Also, you seem to have 2 variables buried in a string with a #{} to separate them from the string. Is that intentional?

wadjorlolo
—
2011-02-04T15:01:41Z —
#3

Correction:

Also, you seem to have 2 variables buried in a string WITHOUT a #{} to separate them from the string. Is that intentional?

Louis_Simoneau
—
2011-02-10T22:55:53Z —
#4

@wadjorlolo: the #{} syntax shouldn't be used for passing variables into database queries, as Jon is doing here. The reason is that SQL code could be injected into the string, and your app will pass it straight on to the database, which could open you up to attacks.

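Added example, not part of the original thread and not Jon's code: it shows how `#{}` interpolation lets ordinary data change the structure of a query, while a `?` placeholder keeps the value as data. The helpers `quote_literal`, `bind`, `interpolated_query`, `bound_query` and `balanced_quotes?` are hypothetical stand-ins for the quoting a database library does, and the `users` table and the input are constructed.

```ruby
# Stand-in for a library's literal quoting: numbers pass through, strings are
# wrapped in single quotes with embedded quotes doubled (standard SQL escaping).
def quote_literal(value)
  case value
  when Integer, Float then value.to_s
  when nil then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Replace each ? placeholder, in order, with a quoted literal.
def bind(template, *values)
  expected = template.count("?")
  unless expected == values.size
    raise ArgumentError, "expected #{expected} values, got #{values.size}"
  end
  remaining = values.dup
  template.gsub("?") { quote_literal(remaining.shift) }
end

# Unsafe form: the value is pasted into the SQL text as-is.
def interpolated_query(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Safe form: the SQL text is fixed and the value is bound separately.
def bound_query(name)
  bind("SELECT * FROM users WHERE name = ?", name)
end

# Crude structure check: an odd number of quotes means a string literal was
# opened or closed by the data rather than by the query author.
def balanced_quotes?(sql)
  sql.count("'").even?
end

if __FILE__ == $PROGRAM_NAME
  name = "O'Brien" # constructed input: plain data that contains a quote
  [interpolated_query(name), bound_query(name)].each do |sql|
    puts "#{balanced_quotes?(sql) ? 'intact' : 'broken'}: #{sql}"
  end
end
```

In a real app the placeholder form is handled by the database library or driver (for example ActiveRecord's `where("name = ?", name)`, assuming a Rails app), not by hand-written quoting like this.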